Identity Management Will Get a Mobile Makeover by 2017

In the first of a two-part series, we explore how mobile will change user authentication and risk management in financial services.

The proliferation of mobile devices has led to a new consumer paradigm -- many consumers think and act in a “mobile-first” way. We check our cellphones before breakfast. They act as a portal to our relationships through social media apps. They organize our day, entertain us, and help us improve our health and manage our money. There are dozens of new use-cases every day. In financial services, our devices are moving from simple information services (example: checking your balance) to transaction providers (example: mobile deposit) or more complex solutions, such as mobile wallets, mobile payments, or mobile photo account opening. All of these are available today, with adoption growing.

A key building block to this trend is a high-quality method of determining identity. We must know who is requesting financial services to satisfy classic Know Your Customer (KYC) measures and thwart potential fraud. Traditionally, we have cobbled together a variety of factors to verify identity, including identity documents, background checks, out-of-wallet questions (such as, What street did you grow up on?), and other documentation. Online, we have added CAPTCHA, IP restrictions, authentication, and other techniques.

Mobile changes all of that. New data and techniques are available that, independently and in conjunction with classic techniques, represent the new era of identity management. As always, adding measures that manage risk can compete with the constant pressure to reduce friction. The good news: Mobile can help with that too.

So, with that as background, here are the first two of four trends I believe will set the direction of mobile identity and make a significant impact by 2017:

Facial verificationAll smartphones have cameras, and we are used to using them. This has created the opportunity to leverage facial recognition as part of identity validation. Assuming the user experience is designed to be simple and compelling, consumers would take an identity “selfie” to validate. This, coupled with a photo/scan of the driver’s license creates a high confidence of identity and that the person was present at the time of the account enrollment. Done right, this creates the magic combination -- managing risk while simplifying the process.

This week, Amazon announced the Fire phone, with five cameras (four of which face the user). While the adoption of this device is yet to be seen, it is an indicator of a broader trend -- that computer-vision-enabled mobile phone cameras are becoming mainstream. By 2017, today’s commonly-accepted selfie will come of age and become more automated. Facial verification will be a mainstream method of identity validation.

Device awarenessWe carry our smartphones everywhere. We protect them with fancy cases, since we intend to keep them for long periods of time. We have long-term relationships with carriers. Therefore, verifying our devices should be a useful measure of identity, and the stability of our phones should add confidence that our transactions are not fraud. Our industry should make use of device reputation and device location as information that can be correlated to risk. As with most risk factors, we should not rely on them exclusively, but as part of a larger risk-management framework.

Whether the impact will be great or small, there is no doubt that facial recognition and device location have the potential to change identity management drastically. What do you think? Are these technologies really game changers, or will their impact be relatively unnoticed? Leave your thoughts in the comments below, and stay tuned for next part two of this article, where I will examine behavioral awareness and the convenience of imaging.

Mike is an experienced mobile technology leader. Prior to joining Mitek, Mike was CTO of Green Dot, where he led the strategy architecture and implementation of their reusable mobile platform to serve the underbanked. Mike also served as a director at Neudesic, where he led ... View Full Bio

Byurcan, agree with your comment about biometrics becoming commonplace. The forces that drive these kinds of trends are strong. I continue to see many examples where convenience is chosen over security by many. Mobile phones have become an extension of who we are, with many (including me) checking their phone >100 times per day. It is not a huge emotional leap to rely on facial recognition as a method of authentication.

Another challenge is the identity validation needed during remote (mobile) enrollment. Signing up for a bank account, prepaid card, mortgage or credit product are examples. I believe that the use of mobile identity will be a key factor here, and growing in the future.

Thanks for the comment. There are obviously lots of tradeoffs, and the security-vs-convenience struggle will continue on. There are many people who will prefer convenience, and technology as a useful enabler. Others will be more cautious. I think the key is for the industry to adopt some core standards of practice (and technology) that reasonably protect the consumer.

I'm torn on the issue myself. The idea of not having to remember a million usernames and crazy passwords is appealing, but I'd have to be convinced of the security first. The key may be layering multiple security technologies (fingerprint/voice recognition, geo-location, etc.), as Jon mentioned below.

I am wholly against it. Most people will say it's paranoid to make the jump from biometrics for mobile phone authentication to some kind of big brother government, but it's not that big leap to make. First, they'll get us comfortable with the technology, then soon the government will install monitoring devices in our homes to make sure we're using the right kind of light bulb.

I also don't like the idea of phones using facial recognition either, but if it is secure and it means I don't have to remember another complex password, I'm all for it. I can only remember so many passwords with Capitals, numerals, and special characters. I'd rather use my brain to store important information, like my wife's birthday, or wedding anniversary. :)

I think more than relying on one type of technology or authentication method, the key to securing mobile will be in layering different technologies and methods on top of each other. For instance, couping facial recognition with fingerprint or voice recognition and geo-location.